Cryptographic hash generation system

ABSTRACT

A first module divides a string into a number of blocks. A second module associates the blocks with monoid elements in a list of first monoid elements to produce second monoid elements. A third module applies a first function to an initial monoid element and a first of the second monoid elements producing a first calculated monoid element and evaluates an action of the initial monoid element on the first function producing a second function. A fourth module applies the second function to the first calculated monoid element and to a second of the second monoid elements producing a second calculated monoid element and evaluates the action of the first calculated monoid element on the first function producing a third function. Further modules iteratively, corresponding to the number of blocks, apply the produced function to calculated monoid elements and the second monoid elements to produce a hash of the string

BACKGROUND OF THE INVENTION

A cryptographic hash function may be used to transform a large block ofa string of data into a smaller block of hash data. In some examples,the hash data may then be used as an identifier for the string or for aprocessor in communication with the string. The transformation may besuch that recreating the string may be impractical, difficult, orinfeasible. In some situations, it may also be difficult or infeasibleto find two strings that may be transformed to the same hash.

SUMMARY OF THE INVENTION

One embodiment of the invention is a device effective to generate a hashof a string. The device may comprise a memory. The memory may beeffective to include a first function, a first list of first monoidelements, and an initial monoid element. The device may further includea first module effective to receive the string and divide the stringinto a sequence of blocks. The device may further include a secondmodule in communication with the first module and the memory, the secondmodule effective to associate blocks in the sequence of blocks withrespective monoid elements in the first list of first monoid elements toproduce a second list of second monoid elements. The device may furtherinclude a third module in communication with the second module and withthe memory. The third module may be effective to receive a first one ofthe second monoid elements, receive the initial monoid element, receivethe first function, apply the first function to the initial monoidelement and the first one of the second monoid elements to produce afirst calculated monoid element, and evaluate an action of the initialmonoid element on the first function to produce a second function. Thedevice may further include a fourth module in communication with thesecond module and the third module. The fourth module may be effectiveto receive a second one of the second monoid elements, receive the firstcalculated monoid element, receive the second function, and apply thesecond function to the first calculated monoid element and to the secondone of the second monoid elements to produce a second calculated monoidelement.

Another embodiment of the invention includes a method for generating ahash of a string. The method may include receiving the string by firstmodule. The method may include dividing the string by the first moduleinto a sequence of blocks and receiving, by a second module, thesequence of blocks. The method may include associating, by the secondmodule, blocks in the sequence of blocks with respective monoid elementsin a first list of monoid elements to produce a second list of secondmonoid elements. The method may include receiving, by a third module afirst one of the second monoid elements. The method may includereceiving, by the third module, an initial monoid element; receiving, bythe third module, a first function; applying, by the third module, thefirst function to the initial monoid element and the first one of thesecond monoid elements to produce a first calculated monoid element; andevaluating, by the third module, an action of the initial monoid elementon the first function to produce a second function. The method mayinclude receiving, by a fourth module, a second one of the second monoidelements; receiving, by the fourth module, the first calculated monoidelement; receiving, by the fourth module, the second function; andapplying, by the fourth module, the second function to the firstcalculated monoid element and to the second one of the second monoidelements to produce a second calculated monoid element.

Another embodiment of the invention is a system effective to communicatea hash of a string. The system may include a first device and a seconddevice in communication with the first device over a network. The firstdevice may include a first memory. The first memory may include a firstfunction, a first list of first monoid elements, and an initial monoidelement. The first device may further include a first module effectiveto receive the string and divide the string into a sequence of blocks.The first device may further include a second module in communicationwith the first module and the first memory, the second module effectiveto associate blocks in the sequence of blocks with respective monoidelements in the first list of monoid elements to produce a second listof second monoid elements. The first device may further include a thirdmodule in communication with the second module and with the firstmemory, the third module effective to receive a first one of the secondmonoid elements, receive the initial monoid element, receive the firstfunction, apply the first function to the initial monoid element and thefirst one of the second monoid elements to produce a first calculatedmonoid element, and evaluate an action of the initial monoid element onthe first function to produce a second function. The first device mayfurther include a fourth module in communication with the second moduleand the third module, the fourth module effective to receive a secondone of the second monoid elements, receive the first calculated monoidelement, receive the second function, and apply the second function tothe first calculated monoid element and to the second one of the secondmonoid elements to produce a second calculated monoid element. Thefourth module may further be effective to receive the first function,and evaluate the action of the first calculated monoid element on thefirst function to produce a third function. The first device may furtherinclude a fifth module in communication with the second module and thefourth module. The fifth module effective to receive the third function,receive a third one of the second monoid elements, receive the secondcalculated monoid element, and apply the third function to the secondcalculated monoid element and the third one of the second monoidelements to produce the hash of the string. The second device effectiveto receive the hash; and compare the hash with data stored in a secondmemory in communication with the second device to produce anidentification of the first device.

BRIEF DESCRIPTION OF THE FIGURES

The foregoing and other features of this disclosure will become morefully apparent from the following description and appended claims takenin conjunction with the accompanying drawings. Understanding that thesedrawings depict only some embodiments in accordance with the disclosureand are therefore not to be considered limiting of its scope, thedisclosure will be described with additional specificity and detail byreference to the accompanying drawings in which:

FIG. 1 is a system drawing of a cryptographic hash generation system inaccordance with an embodiment of the invention.

FIG. 2 is a flow diagram illustrating a process which could be performedin accordance with an embodiment of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT(S)

In the following detailed description, reference is made to theaccompanying drawings which form a part thereof. In the drawings,similar symbols typically identify similar components unless contextindicates otherwise. The illustrative embodiments described in thedetailed description, drawings and claims are not meant to be limiting.Other embodiments may be utilized and other changes may be made withoutdeparting from the spirit or scope of the subject matter presentedherein. It will be readily understood that the aspects of the presentdisclosure as generally described herein and as illustrated in theaccompanying figures can be arranged, substituted, combined, separatedand/or designed in a wide variety of different configurations all ofwhich are explicitly contemplated herein.

Referring to FIG. 1, there is shown a cryptographic hash generationsystem 100 which may be used in accordance with an embodiment of theinvention. In system 100, a user 102 may input a string 104 into a hashfunction generator device 106. For example, user 102 may use a processor118 to input string 104. As discussed in more detail below, hashfunction generator 106 may be effective to transform string 104 into ahash of string H(S) 108. In some examples, hash function generatordevice 106 and/or processor 118 may further send hash 108 and hashfunction 132 over a network 110. Network 110 may include, for example, awireless network, a wired network, the Internet, a cellular network, anear field communication (NFC) network, a radio frequency identification(RF-ID) network, a cloud computing environment, etc.

A processor 112, in communication with network 110, may receive hash 108and hash function 132. Processor 112 may compare hash 108 using hashfunction 132 with data stored in a memory 116. Based on the comparisonby processor 112, processor 112 may generate an identifier 114 for user102 and/or processor 118. For example, processor 112 may be a reader andprocessor 118 may be a tag in an RF-ID environment. Hash 108 could be atransformation of a public key used in public key encryptioncommunication between tag/processor 118 and reader/processor 112.Reader/processor 112 may compare hash 108 with data in memory 116 todetermine which public key/identifier 114 will be used by tag 118.

Hash function generator device 106 may include a string to blockdecomposition module 120, a block sequence to monoid list module 124,and two or more function evaluation/generation modules 126. At leastsome of these modules may be in communication with a memory 144 and/or aprocessor 146. Processor 146 could have a relatively small processingpower such as with a 5 MHz clock cycle. Memory 144 could have arelatively small size and have, for example, 1 kb of memory. Modulescould be implemented as software such as with a processor and/or inhardware or firmware.

String 104 may be a sequence of bits with a number of bits that is amultiple of a variable λ. Hash function generator device 106 may sendstring 104 as an input to a string to block module 120. String to blockmodule 120 may be effective to divide string 104 into a sequence ofblocks 122 (B₁, B₂, . . . B_(l)), each with a length of λ bits. In theexample, string 104 is divided into l blocks, where each block is of alength of λ bits. In situations where string 104 includes a number ofbits that is not equally divisible by λ, string to block module 120 mayadd padding bits to produce a modified string with a number of bits thatis equally divisible by λ.

String to block module 120 may send sequence of blocks 122 to a blocksequence to monoid list module 124. Block sequence to monoid list module124 may also receive a first list of monoid elements 130. List of monoidelements 130 may be stored in a memory 144. Monoid elements may be, forexample, matrices with entries in a finite field.

Each block B in sequence of blocks 122 includes bits in a binary formatthat may represent a number with a value u between 0 and 2^(λ)−1. Thevalue may be denoted by u(B_(i)). Block sequence to monoid list module124 may transform sequence of blocks 122 into a corresponding sequenceof numbers u(B₁), . . . u(B_(l)). Block sequence to monoid list module124 may then associate each value u(B_(i)), and hence each block B_(i),with a monoid element c_(u(B) _(i) ₎ in list of monoid elements 130 toproduce a second list of monoid elements 128 c_(u(B) ₁ ₎ . . . , c_(u(B)₂ ₎, . . . , c_(u(B) _(l) ₎. Monoid elements 128 may be sent torespective function evaluation/generation modules 126. For example,c_(u(B) ₁ ₎ may be sent to function evaluation/generation module 126 ₁,c_(u(B) _(i) ₎ may be sent to function evaluation/generation module 126_(i), etc.

Each function evaluation/generation module 126 _(i) receives arespective monoid element c_(u(B) _(i) ₎ from second list of monoidelements 128, a function

_(i-1), and a monoid element n_(i-1). Each functionevaluation/generation module 126 acts on these inputs to produce anoutput. For example, function evaluation/generation module 126 ₁receives monoid element c_(u(B) ₁ ₎, initial function

_(o) 134 and initial monoid element n_(o) 136. Initial function

_(o) may be a one-way function as discussed below and may be stored inmemory 144. Monoid element n_(o) could be, example, a matrix with mod pentries, and may be stored in memory 144. Function evaluation/generationmodule 126 ₁ may apply function

_(o) to n_(o) and to c_(u(B) ₁ ₎ to produce monoid element n₁.

n ₁=

_(o)(n _(o) , c _(u(B) ₁ ₎₎

Function evaluation/generation module 126 ₁ may also evaluate the actionof n₀ on initial function

_(o) to produce a new function

₁.

₁n₀∘

_(o)

Function evaluation/generation module 126 ₁ may send n_(1l), initialfunction

_(o), and new function

₁ to function evaluation/generation module 126 ₂.

Function evaluation/generation module 126 ₂ receives monoid elementc_(u(B) ₂ ₎, initial function

_(o), function

₁ and monoid element n₁. Function evaluation/generation module 126 ₂ mayapply function

₁ to n₁ and to c_(u(B) ₂ ₎ to produce monoid element n₂.

n ₂=

₁(n ₁ , c _(u(B) ₂ ₎)

Function evaluation/generation module 126 ₂ may evaluate the action ofn₁ on initial function

_(o) to produce a new way function

₂.

₂=n₁∘

_(o)

Function evaluation/generation module 126 ₂ may forward n₂, initialfunction

_(o), and new function

₂ to function evaluation/generation module 126 ₃.

This iterative process of generating monoid elements n_(i) and newfunctions

_(i) continues for each block in sequence of blocks 128. For example,function evaluation/generation module 126 ₃ receives monoid elementc_(u(B) ₃ ₎, initial function

_(o), function

₂ and monoid element n₂. Function evaluation/generation module 126 ₃ mayapply function

₂ to n₂ and to c_(u(B) ₃ ₎ to produce monoid element n₃.

n ₃=

₂(n ₂ , c _(u(B) ₃ ₎)

Function evaluation/generation module 126 ₃ may evaluate the action ofn₂ on initial function

_(o) to produce a new function

₃.

₃=n₂∘

_(o)

The last monoid element c_(u(B) _(l) ₎ in list of monoid elements 128produced by block sequence to monoid list module 124 is sent to functionevaluation/generation module 126 _(l-1).

Function evaluation/generation module 126 _(l-1) receives monoid elementc_(u(B) _(l) ₎, function

_(l-1) and monoid element n_(l-1) Function evaluation/generation module126 _(l-1) may produce Hash (S) 108.

Hash (S)=

_(l-1)(n _(l-1) , c _(u(B) _(l) ₎)

Hash(S) 108 may be sent from processor 118 to processor 112 over network110. Processor 118 may also send hash function 132 which may includeinitial function

₀, list of monoid elements 130, and initial monoid element n_(o).Processor 118 may receive hash 108 and compare hash 108 with a list ofhash values in memory 116. In another example, processor 118 may receivehash function 132, apply hash function 132 to values in memory 116(using hash function generator device 106) and determine which resultanthash matches hash 108. For example, passwords may be maintained inmemory 116. Processor 112 may apply hash function 132 to each passwordand identify which password corresponds to hash 108.

Function

may be a one-way function that is computable but difficult, perhapsinfeasible, to reverse. In an example, an instance of a one-way functionbased symmetric encryption protocol utilizes an Algebraic Eraser. AnAlgebraic Eraser may include a specified 6-tuple (M

S, N, Π, E, A, B) where

M and N are monoids,

S is a group that acts on M (on the left),

M

S denotes the semi-direct product,

A and B denote submonoids of M

S, and

Π denotes a monoid homomorphism from M to N. The E-function, also calledE-multiplication, is defined by

E: (N×S)×(M

S)→(N×S)

E((n,s), (m ₁ , s ₁))=(nΠ(^(s) m ₁), s s ₁).

It is observed that the E-function satisfies the following identity:

E((n, s), ((m ₁ , s ₁)·(m ₂ , s ₂)))=e(e((n,s), (m ₁ , s ₁)), (m ₂ , s₂)).

Function

may be an Algebraic Eraser (M

S, N, Πl, E, A, B). Letting M=M

S, N=N

S, function F is defined as follows: given (n₀, s₀) ∈N

S and (m, s₁) ∈M

S let F: N×M→N denote the function:

F((n ₁ , s ₁), (m, s ₂))=E((n ₁ , s ₁), (m, s ₁₂))=n ₁Π(^(s) ¹ m), s ₁ s₂).

The structure of the one-way function F enables the following definitionof a new one-way function via a left action. Given an arbitrary element(n₀, s₀) ∈N, and

as specified above, the one-way {(n₀, s₀)∘

} is defined by

{(n ₀ , s ₀)∘F}((n ₁ , s ₁), (m ₂ , s ₂))=((n ₁ Π(^(s) ⁰ ^(s) ¹ m ₂), s₁ s ₂)

where (n₁, s₁) ∈N

S and (m₂, s₂) ∈M

S. A feature of these specified actions is that the property

{(n ₀ , s ₀)∘

}((n ₁ , s ₁), (m ₂ , s ₂)·(m ₃ , s ₃))={(n ₀ , s ₀)∘F}({(n ₀ , s₀)∘F}((n ₁ , s ₁), (m ₂ , s ₂)), (m ₃ , s ₃)),

for all (n₁, s₁)∈N

S and (m₂, s₂), (m₃, s₃)∈M

S. An application of this feature is that the one-way function (n₀,s₀)∘F can be evaluated incrementally, and thus efficiently.

Given a one-way function F₀, the collection of one-way functions

{(n₀, s₀)∘F|(n₀, s₀)∈N

S}

satisfies the requirements for the class of one-way functions describedabove for initial function F₀. The sequence of one-way functions thatappear in FIG. 1 may take the form:

F₀, {(n₀, s₀)∘F₀}, {(n₁, s₁)∘F₀}, {(n₂, s₂)∘F₀}, . . .

Another instance of a function that may be used is a function wheremonoids M and N are chosen to be a group G. Defining relators of G mayallow for an effective rewriting or cloaking of group elements, and aconjugacy equation in G may be relatively difficult to solve. Thisinsures that the function F: G×G→G defined by the equation,

F(x, g)=g ⁻¹ xg

where x, g∈G, is a one-way function. Given a group element, x₀∈G, definethe left action of x₀ on the one-way function F by

{x ₀ ∘F}(x, g)=g ⁻¹ x ₀ ⁻¹ x x ₀ g.

As with the previous example,

{x ₀ ∘F}(x, g ₁ g ₂)={x ₀ ∘F}({x ₀ ∘F}(x, g ₁)), g ₂).

The collection of one-way functions,

{{x₀∘F}|x₀∈G},

satisfies the requirements for the class of one-way functions describedabove for initial function F₀.

Among other benefits, a system in accordance with this disclosure mayenable a processor to relatively quickly compute the hash of each blockof a message, and, thereby, quickly compute the hash of the entiremessage itself. Long messages may be transformed into a shortenedmessage due to, at least in part, the ability to break the message intosmaller pieces. A hash of the message may then be generated, by firsthashing the first block using, the output of which is then used to hashthe second block, and then proceeding iteratively until the hash of thefinal block is obtained using. A signature may then be applied to thehash of the message. Functions used in producing the hash may be derivedfrom previously used functions based on actions of monoid elements. Aseach iterative step may use a relatively quick to process function, theentire hash generation process may be relatively fast. As each functionis mutated in subsequent steps, it would be very difficult, perhapsinfeasible, to guess all of the functions used in generating the hash.Changing values of monoid elements and/or the initial monoid element mayproduce new hash functions.

Referring to FIG. 2, there is shown a process which could be performedin accordance with an embodiment of the invention. The process could beperformed using, for example, system 100 discussed above and may be usedto generate a hash of a string.

As shown, at step S2, a first module may receive a string to be hashed.At step S4, the first module may divide the string into a sequence ofblocks. For example, the first module may divide the string into blocksof bits with an equal length.

At step S6, a second module may receive the sequence of blocks. At stepS8, the second module may associate the blocks with respective monoidelements in a first list of first monoid elements to produce a secondlist of second monoid elements.

At step S10, a third module may receive a first one of the second monoidelements, an initial monoid element and a first function. At step S12,the third module may apply the function to the initial monoid elementand to a first one of the second monoid elements to produce a firstcalculated monoid element.

At step S14, the third module may evaluate an action of the initialmonoid element on the first function to produce a second function. Atstep S16, a fourth module may receive a second one of the second monoidelements, the first calculated monoid element and the second function.At step S18, the fourth module may apply the second function to thefirst calculated monoid element and to the second one of the secondmonoid elements to produce a second calculated monoid element.

While various aspects and embodiments have been disclosed herein, otheraspects and embodiments will be apparent to those skilled in the art.The various aspects and embodiments disclosed herein are for purposes ofillustration and are not intended to be limiting, with the true scopeand spirit being indicated by the following claims.

What is claimed is:
 1. A device effective to generate a hash of astring, the device comprising: a memory, wherein the memory is effectiveto include a first function, a first list of first monoid elements, andan initial monoid element; a first module effective to receive thestring and divide the string into a sequence of blocks; a second modulein communication with the first module and the memory, the second moduleeffective to associate blocks in the sequence of blocks with respectivemonoid elements in the first list of first monoid elements to produce asecond list of second monoid elements; a third module in communicationwith the second module and with the memory, the third module effectiveto receive a first one of the second monoid elements, receive theinitial monoid element, receive the first function, apply the firstfunction to the initial monoid element and the first one of the secondmonoid elements to produce a first calculated monoid element, andevaluate an action of the initial monoid element on the first functionto produce a second function; a fourth module in communication with thesecond module and the third module, the fourth module effective toreceive a second one of the second monoid elements, receive the firstcalculated monoid element, receive the second function, and apply thesecond function to the first calculated monoid element and to the secondone of the second monoid elements to produce a second calculated monoidelement.